Project: Migrate to bazel modules

.bazelversion

@@ -1 +1 @@
-6.3.2
+7.0.0

.gitignore

@@ -2,7 +2,7 @@
 *.profraw
 *.provisionprofile
 bazel-*
-Pods
+MODULE.bazel.lock
 Santa.xcodeproj/*
 Santa.xcworkspace/*
 CoverageData/*

MODULE.bazel

@@ -0,0 +1,58 @@
+module(name = "santa")
+
+bazel_dep(name = "apple_support", version = "1.15.1", repo_name = "build_bazel_apple_support")
+bazel_dep(name = "abseil-cpp", version = "20230802.1", repo_name = "com_google_absl")
+
+bazel_dep(name = "rules_python", version = "0.31.0")
+bazel_dep(name = "rules_cc", version = "0.0.9")
+bazel_dep(name = "rules_apple", version = "3.5.0", repo_name = "build_bazel_rules_apple")
+bazel_dep(name = "rules_swift", version = "1.18.0", repo_name = "build_bazel_rules_swift")
+
+bazel_dep(name = "protobuf", version = "main", repo_name = "com_google_protobuf")
+git_override(
+    module_name = "protobuf",
+    remote = "https://github.com/protocolbuffers/protobuf.git",
+    commit = "21d75f861cdbc03b0a6b235a9ccf3ba0e1f09b32",
+)
+
+bazel_dep(name = "googletest", version = "1.14.0.bcr.1", repo_name = "com_google_googletest")
+
+bazel_dep(name = "molcertificate", version = "2.1", repo_name = "MOLCertificate")
+git_override(
+    module_name = "molcertificate",
+    remote = "https://github.com/google/macops-molcertificate.git",
+    commit = "34f0ccf68a34a07cc636ada89057c529f90bec3a",
+)
+
+bazel_dep(name = "molauthenticatingurlsession", version = "3.0", repo_name = "MOLAuthenticatingURLSession")
+git_override(
+    module_name = "molauthenticatingurlsession",
+    remote = "https://github.com/google/macops-molauthenticatingurlsession.git",
+    commit = "0a50a67f29d635a4012981714c1dedef9ac25fe6",
+)
+
+bazel_dep(name = "molcodesignchecker", version = "3.0", repo_name = "MOLCodesignChecker")
+git_override(
+    module_name = "molcodesignchecker",
+    remote = "https://github.com/google/macops-molcodesignchecker.git",
+    commit = "5060bcc8baa90bae3b0ca705d14850328bbbec53",
+)
+
+bazel_dep(name = "molxpcconnection", version = "2.1", repo_name = "MOLXPCConnection")
+git_override(
+    module_name = "molxpcconnection",
+    remote = "https://github.com/russellhancox/macops-molxpcconnection.git",
+    commit = "da816dc49becac96d941ef6a5c4153ed39d1fe7c",
+)
+
+non_module_deps = use_extension("//:non_module_deps.bzl", "non_module_deps")
+use_repo(non_module_deps, "FMDB")
+use_repo(non_module_deps, "OCMock")
+
+bazel_dep(name = "hedron_compile_commands", dev_dependency = True)
+git_override(
+    module_name = "hedron_compile_commands",
+    remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git",
+    commit = "0e990032f3c5a866e72615cf67e5ce22186dcb97",
+)
+

Source/santad/BUILD

@@ -913,7 +913,7 @@ santa_unit_test(
 santa_unit_test(
     name = "SantadTest",
     srcs = ["SantadTest.mm"],
-    data = [
+    structured_resources = [
         "//Source/santad/testdata:binaryrules_testdata",
     ],
     minimum_os_version = "11.0",
@@ -1015,7 +1015,7 @@ santa_unit_test(
 santa_unit_test(
     name = "EndpointSecuritySerializerProtobufTest",
     srcs = ["Logs/EndpointSecurity/Serializers/ProtobufTest.mm"],
-    data = [
+    structured_resources = [
         "//Source/santad/testdata:protobuf_json_testdata",
     ],
     deps = [

Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm

@@ -78,6 +78,12 @@
 using santa::santad::logs::endpoint_security::serializers::GetPolicyDecision;
 using santa::santad::logs::endpoint_security::serializers::GetReasonEnum;
 
+@interface ProtobufTest : XCTestCase
+@property id mockConfigurator;
+@property id mockDecisionCache;
+@property SNTCachedDecision *testCachedDecision;
+@end
+
 JsonPrintOptions DefaultJsonPrintOptions() {
   JsonPrintOptions options;
   options.always_print_enums_as_ints = false;
@@ -87,21 +93,6 @@ JsonPrintOptions DefaultJsonPrintOptions() {
   return options;
 }
 
-NSString *TestJsonPath(NSString *jsonFileName, uint32_t version) {
-  static dispatch_once_t onceToken;
-  static NSString *testPath;
-  static NSString *testDataRepoPath = @"santa/Source/santad/testdata/protobuf";
-  NSString *testDataRepoVersionPath = [NSString stringWithFormat:@"v%u", version];
-
-  dispatch_once(&onceToken, ^{
-    testPath = [NSString pathWithComponents:@[
-      [[[NSProcessInfo processInfo] environment] objectForKey:@"TEST_SRCDIR"], testDataRepoPath
-    ]];
-  });
-
-  return [NSString pathWithComponents:@[ testPath, testDataRepoVersionPath, jsonFileName ]];
-}
-
 NSString *EventTypeToFilename(es_event_type_t eventType) {
   switch (eventType) {
     case ES_EVENT_TYPE_NOTIFY_CLOSE: return @"close.json";
@@ -117,6 +108,16 @@ JsonPrintOptions DefaultJsonPrintOptions() {
   }
 }
 
+NSString *TestJsonPath(NSString *jsonFileName, uint32_t version) {
+  NSString *p = [NSString pathWithComponents:@[
+    [[NSBundle bundleForClass:[ProtobufTest class]] resourcePath],
+    @"protobuf",
+    [NSString stringWithFormat:@"v%u", version],
+    jsonFileName,
+  ]];
+  return p;
+}
+
 NSString *LoadTestJson(NSString *jsonFileName, uint32_t version) {
   NSError *err = nil;
   NSString *jsonData = [NSString stringWithContentsOfFile:TestJsonPath(jsonFileName, version)
@@ -325,12 +326,6 @@ void SerializeAndCheckNonESEvents(
   XCTBubbleMockVerifyAndClearExpectations(mockESApi.get());
 }
 
-@interface ProtobufTest : XCTestCase
-@property id mockConfigurator;
-@property id mockDecisionCache;
-@property SNTCachedDecision *testCachedDecision;
-@end
-
 @implementation ProtobufTest
 
 - (void)setUp {

Source/santad/SantadTest.mm

@@ -71,7 +71,6 @@ static void SetBinaryDataFromHexString(const char *hexStr, uint8_t *buf, size_t
   }
 }
 
-static NSString *const testBinariesPath = @"santa/Source/santad/testdata/binaryrules";
 static const char *kAllowedSigningID = "com.google.allowed_signing_id";
 static const char *kBlockedSigningID = "com.google.blocked_signing_id";
 static const char *kNoRuleMatchSigningID = "com.google.no_rule_match_signing_id";
@@ -127,7 +126,8 @@ - (BOOL)checkBinaryExecution:(NSString *)binaryName
   OCMStub([mockConfigurator fileAccessPolicyUpdateIntervalSec]).andReturn(600);
 
   NSString *testPath = [NSString pathWithComponents:@[
-    [[[NSProcessInfo processInfo] environment] objectForKey:@"TEST_SRCDIR"], testBinariesPath
+    [[NSBundle bundleForClass:[self class]] resourcePath],
+    @"binaryrules",
   ]];
 
   OCMStub([self.mockSNTDatabaseController databasePath]).andReturn(testPath);

WORKSPACE

@@ -7,160 +7,6 @@ load(
 )
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
-# Abseil LTS branch, Aug 2023
-http_archive(
-    name = "com_google_absl",
-    sha256 = "59d2976af9d6ecf001a81a35749a6e551a335b949d34918cfade07737b9d93c5",
-    strip_prefix = "abseil-cpp-20230802.0",
-    urls = ["https://github.com/abseil/abseil-cpp/archive/refs/tags/20230802.0.tar.gz"],
-)
-
-http_archive(
-    name = "com_google_protobuf",
-    sha256 = "4fc5ff1b2c339fb86cd3a25f0b5311478ab081e65ad258c6789359cd84d421f8",
-    strip_prefix = "protobuf-26.1",
-    urls = ["https://github.com/protocolbuffers/protobuf/archive/v26.1.tar.gz"],
-)
-
-# We don't directly use rules_python but several dependencies do and they disagree
-# about which version to use, so we force the latest.
-http_archive(
-    name = "rules_python",
-    sha256 = "48a838a6e1983e4884b26812b2c748a35ad284fd339eb8e2a6f3adf95307fbcd",
-    strip_prefix = "rules_python-0.16.2",
-    url = "https://github.com/bazelbuild/rules_python/archive/refs/tags/0.16.2.tar.gz",
-)
-
-http_archive(
-    name = "build_bazel_rules_apple",
-    sha256 = "8ac4c7997d863f3c4347ba996e831b5ec8f7af885ee8d4fe36f1c3c8f0092b2c",
-    url = "https://github.com/bazelbuild/rules_apple/releases/download/2.5.0/rules_apple.2.5.0.tar.gz",
-)
-
-load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependencies")
-
-apple_rules_dependencies()
-
-load("@build_bazel_rules_swift//swift:repositories.bzl", "swift_rules_dependencies")
-
-swift_rules_dependencies()
-
-load(
-    "@build_bazel_rules_swift//swift:extras.bzl",
-    "swift_rules_extra_dependencies",
-)
-
-swift_rules_extra_dependencies()
-
-load("@build_bazel_apple_support//lib:repositories.bzl", "apple_support_dependencies")
-
-apple_support_dependencies()
-
-# Hedron Bazel Compile Commands Extractor
-# Allows integrating with clangd
-# https://github.com/hedronvision/bazel-compile-commands-extractor
-git_repository(
-    name = "hedron_compile_commands",
-    commit = "ac6411f8f347e5525038cb7858db4969db9e74f2",
-    remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git",
-    shallow_since = "1696885905 +0000",
-)
-
-load("@hedron_compile_commands//:workspace_setup.bzl", "hedron_compile_commands_setup")
-
-hedron_compile_commands_setup()
-
-# Googletest - tag: release-1.12.1
-http_archive(
-    name = "com_google_googletest",
-    sha256 = "ab78fa3f912d44d38b785ec011a25f26512aaedc5291f51f3807c592b506d33a",
-    strip_prefix = "googletest-58d77fa8070e8cec2dc1ed015d66b454c8d78850",
-    urls = ["https://github.com/google/googletest/archive/58d77fa8070e8cec2dc1ed015d66b454c8d78850.zip"],
-)
-
-# Note: Protobuf deps must be loaded after defining the ABSL archive since
-# protobuf repo would pull an in earlier version of ABSL.
-load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
-
-protobuf_deps()
-
-# Macops MOL* dependencies
-
-git_repository(
-    name = "MOLAuthenticatingURLSession",
-    commit = "38b5ee46edb262481b16f950266a11d8cb77127c",  # tag = v3.1
-    remote = "https://github.com/google/macops-molauthenticatingurlsession.git",
-    shallow_since = "1671479898 -0500",
-)
-
-git_repository(
-    name = "MOLCertificate",
-    commit = "288553b8ac75d7dd68159ef5b57652a506b8217c",  # tag = "v2.1",
-    remote = "https://github.com/google/macops-molcertificate.git",
-    shallow_since = "1561303966 -0400",
-)
-
-git_repository(
-    name = "MOLCodesignChecker",
-    commit = "567eca847003b36f61fff61472809c39dcf31ef6",  # tag = "v3.0",
-    remote = "https://github.com/google/macops-molcodesignchecker.git",
-    shallow_since = "1561303990 -0400",
-)
-
-git_repository(
-    name = "MOLXPCConnection",
-    commit = "2c67c925c2b57fea9af551295d2b6711b38bb224",  # tag = v2.1
-    remote = "https://github.com/google/macops-molxpcconnection.git",
-    shallow_since = "1564684202 -0400",
-)
-
-# FMDB
-
-new_git_repository(
-    name = "FMDB",
-    build_file_content = """
-objc_library(
-    name = "FMDB",
-    srcs = glob(["src/fmdb/*.m"], exclude=["src/fmdb.m"]),
-    hdrs = glob(["src/fmdb/*.h"]),
-    includes = ["src"],
-    sdk_dylibs = ["sqlite3"],
-    visibility = ["//visibility:public"],
-)
-""",
-    commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04",  # tag = 2.7.7
-    remote = "https://github.com/ccgus/fmdb.git",
-    shallow_since = "1589301502 -0700",
-)
-
-# OCMock
-
-new_git_repository(
-    name = "OCMock",
-    build_file_content = """
-objc_library(
-    name = "OCMock",
-    testonly = 1,
-    hdrs = glob(["Source/OCMock/*.h"]),
-    copts = [
-        "-Wno-vla",
-    ],
-    includes = [
-        "Source",
-        "Source/OCMock",
-    ],
-    non_arc_srcs = glob(["Source/OCMock/*.m"]),
-    pch = "Source/OCMock/OCMock-Prefix.pch",
-    visibility = ["//visibility:public"],
-)
-""",
-    commit = "afd2c6924e8a36cb872bc475248b978f743c6050",  # tag = v3.9.1
-    patch_args = ["-p1"],
-    patches = ["//external_patches/OCMock:503.patch"],
-    remote = "https://github.com/erikdoe/ocmock",
-    shallow_since = "1635703064 +0100",
-)
-
 # Moroz (for testing)
 
 http_archive(

helper.bzl

@@ -26,7 +26,6 @@ def santa_unit_test(
         resources = [],
         structured_resources = [],
         copts = [],
-        data = [],
         **kwargs):
     apple_resource_group(
         name = "%s_resources" % name,
@@ -50,6 +49,5 @@ def santa_unit_test(
         minimum_os_version = minimum_os_version,
         deps = [":%s_lib" % name],
         size = size,
-        data = data,
         visibility = ["//:__subpackages__"],
     )

non_module_deps.bzl

@@ -0,0 +1,49 @@
+load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
+
+def _non_module_deps_impl(ctx):
+  # FMDB is used to access SQLite from Objective-C(++) code.
+  git_repository(
+    name = "FMDB",
+    remote = "https://github.com/ccgus/fmdb.git",
+    commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04",
+    shallow_since = "1589301502 -0700",
+    build_file_content = """
+objc_library(
+    name = "FMDB",
+    srcs = glob(["src/fmdb/*.m"], exclude=["src/fmdb.m"]),
+    hdrs = glob(["src/fmdb/*.h"]),
+    includes = ["src"],
+    sdk_dylibs = ["sqlite3"],
+    visibility = ["//visibility:public"],
+)
+""",
+  )
+
+  # OCMock is used in several tests.
+  git_repository(
+    name = "OCMock",
+    build_file_content = """
+objc_library(
+    name = "OCMock",
+    testonly = 1,
+    hdrs = glob(["Source/OCMock/*.h"]),
+    copts = [
+        "-Wno-vla",
+    ],
+    includes = [
+        "Source",
+        "Source/OCMock",
+    ],
+    non_arc_srcs = glob(["Source/OCMock/*.m"]),
+    pch = "Source/OCMock/OCMock-Prefix.pch",
+    visibility = ["//visibility:public"],
+)
+""",
+    commit = "afd2c6924e8a36cb872bc475248b978f743c6050",  # tag = v3.9.1
+    patch_args = ["-p1"],
+    patches = ["//external_patches/OCMock:503.patch"],
+    remote = "https://github.com/erikdoe/ocmock",
+    shallow_since = "1635703064 +0100",
+)
+
+non_module_deps = module_extension(implementation = _non_module_deps_impl)